Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

First SMS Trojan detected for smartphones running Android

  • 10-08-2010 4:30pm
    #1
    Registered Users, Registered Users 2 Posts: 1,234 ✭✭✭


    http://www.kaspersky.com/news?id=207576152
    First SMS Trojan detected for smartphones running Android

    Kaspersky Lab, a leading developer of secure content management solutions, announces that the first malicious program classified as a Trojan-SMS has been detected for smartphones running on Google’s Android operating system. Named Trojan-SMS.AndroidOS.FakePlayer.a, it has already infected a number of mobile devices.

    The new malicious program penetrates smartphones running Android in the guise of a harmless media player application. Users are prompted to install a file of just over 13 KB with the standard Android extension .APK. Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the owner’s knowledge or consent, resulting in money passing from a user’s account to that of the cybercriminals.

    The Trojan-SMS category is currently the most widespread class of malware for mobile phones, but Trojan-SMS.AndroidOS.FakePlayer.a is the first to specifically target the Android platform. It should be noted that there have already been isolated cases of devices running Android being infected with spyware. The first such program appeared in 2009.

    “The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform,” says Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab. “Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”

    Kaspersky Lab recommends that users pay close attention to the services that an application requests access to when it is being installed. That includes access to premium rate services that charge to send SMSs and make calls. When a user agrees to these functions during the installation of an application, the smartphone may then be able to make calls and send SMSs without further authorization.

    The signature for Trojan-SMS.AndroidOS.FakePlayer.a has already been added to Kaspersky Lab’s antivirus databases.

    I wonder how prevalent this is going to become, will we eventually end up having to pay out for AV/AS on our handsets? For now, to protect yourself, make sure the Unknown Sources option is unticked under Settings\Applications and watch what permissions anything you are installing is looking for.


Comments

  • Registered Users, Registered Users 2 Posts: 3,495 ✭✭✭Abelloid


    Is the apk embedded in the sms? Or does it just have a link to download it? Does it auto install?

    Non-story from a company with something to gain from creating fear amongst Android users IMHO.


  • Registered Users, Registered Users 2 Posts: 10,910 ✭✭✭✭28064212


    Frankly, if someone is foolish enough to install an apk that they get in an SMS (and ignore the permissions explicity asked for), there's not much Google or anybody else can do for them

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Moderators, Recreation & Hobbies Moderators, Social & Fun Moderators, Sports Moderators Posts: 12,808 Mod ✭✭✭✭Keano


    JustinOval wrote: »
    Is the apk embedded in the sms? Or does it just have a link to download it? Does it auto install?

    Non-story from a company with something to gain from creating fear amongst Android users IMHO.
    Exactly my first thought.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    the_irish_virus.jpg


  • Registered Users, Registered Users 2 Posts: 1,234 ✭✭✭Mr Bloat


    JustinOval wrote: »
    Is the apk embedded in the sms? Or does it just have a link to download it? Does it auto install?

    Non-story from a company with something to gain from creating fear amongst Android users IMHO.

    Who would you have trusted this news from? McAfee, Symantec, Trend? They all have something to gain from creating 'fear' but they monitor malware trends just as much as Kaspersky do.
    28064212 wrote: »
    Frankly, if someone is foolish enough to install an apk that they get in an SMS (and ignore the permissions explicity asked for), there's not much Google or anybody else can do for them

    I agree that someone would want to be pretty stupid to get hit by this but the link to install doesn't necessarily come from an sms, it can come from an email, website link, whatever. Say a buddy of yours got a virus on his pc and it generated a mail to you saying click here for a new Android media player. There's a chance you might hit the link and install the .apk without taking much notice of the permissions that the app is being granted. Maybe you wouldn't but there are people out there that will.
    What matters here is that malware is being developed for Android and it shouldn't be dismissed out of hand just because it may only affect the stupid.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 10,910 ✭✭✭✭28064212


    Mr Bloat wrote: »
    I agree that someone would want to be pretty stupid to get hit by this but the link to install doesn't necessarily come from an sms, it can come from an email, website link, whatever. Say a buddy of yours got a virus on his pc and it generated a mail to you saying click here for a new Android media player. There's a chance you might hit the link and install the .apk without taking much notice of the permissions that the app is being granted. Maybe you wouldn't but there are people out there that will.
    What matters here is that malware is being developed for Android and it shouldn't be dismissed out of hand just because it may only affect the stupid.
    Where's the follow-on from that? Is there some way for Google to prevent attacks of this nature? No, not without locking the OS down until it's virtually unusable. They'd have to make texting premium numbers require rooting to block this specific attack. Is publicising this attack going to do any good? No, because anyone who reads this level of tech news would know not to click on it anyway

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Registered Users, Registered Users 2 Posts: 3,495 ✭✭✭Abelloid


    Mr Bloat wrote: »
    Who would you have trusted this news from? McAfee, Symantec, Trend? They all have something to gain from creating 'fear' but they monitor malware trends just as much as Kaspersky do.

    I'm not denying there are malicious apps, it's the SMS bit that winds me up - SMS trojan? Is it installed without your permission, via unsolicited SMS?


  • Registered Users, Registered Users 2 Posts: 171 ✭✭jeromeof


    I don't think it installs via SMS, it just sends SMS messages to premium numbers in the background without your permission (well technically the app apparently does show that it request permission to send sms messages when its installed).

    As people have said you would have to be pretty stupid to go to a third party website (where the .apk file was actually hosted) and download this. But possible with the lack of a commercial Market in ireland might drive people outside the Market to these alternative android markets, so it is probably good to point this out to new Android users. Just like PC users often try to get commercial software from "alternative sources" and potentially end up with a virus/malware for their troubles.

    The real danger would definitely be if it did actually send an SMS (or Email link to itself) to all your contacts without you knowing it. Then this would become more of a virus than just some stupid malware application.


  • Registered Users, Registered Users 2 Posts: 3,495 ✭✭✭Abelloid


    jeromeof wrote: »
    I don't think it installs via SMS, it just sends SMS messages to premium numbers in the background without your permission (well technically the app apparently does show that it request permission to send sms messages when its installed).

    Ah, OK.


  • Registered Users, Registered Users 2 Posts: 1,234 ✭✭✭Mr Bloat


    28064212 wrote: »
    Where's the follow-on from that? Is there some way for Google to prevent attacks of this nature? No, not without locking the OS down until it's virtually unusable. They'd have to make texting premium numbers require rooting to block this specific attack. Is publicising this attack going to do any good? No, because anyone who reads this level of tech news would know not to click on it anyway

    So if someone writes malware that attacks Android it shouldn't be publicised? Where's the logic in that?
    One follow on that I would think is reasonable is to have an additional warning system to the permissions page - one which pops up after an app is installed when it attempts to access something like sms or the dialer. A simple warning like "app x wants to send a sms, do you want to allow this", similar to the warnings which pop up when an app want SU access after rooting.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 10,992 ✭✭✭✭partyatmygaff


    Quite a simple way to end all of this. Create a database of all premium phone prefixes and then have it hook on to the dialer and SMS application and then have it ask for a password if the phone attempts to dial/text a premium number.


Advertisement